Troj/Agent-KIR

Category: Viruses and Spyware Protection available since:28 Jun 2009 03:03:45 (GMT)
Type: Trojan Last Updated:28 Jun 2009 03:03:45 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Agent-KIR is a Trojan for the Windows platform.

When run Troj/Agent-KIR creates the files:
<Temp>\bassmod.dll - can be safely deleted
<Temp>\keygen.exe - detected as Troj/Agent-KIR
<Temp>\nzm.exe - detected as Troj/Agent-KIR
<System>\winupdate.exe - detected as Troj/Agent-KIR

The following registry entries are set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Updater
winupdate.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Updater
winupdate.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Updater
winupdate.exe

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
|
|:*:Enabled:Microsoft Updater

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy